I'd prefer sticking with curve25519 for messages.
The public keys are already in the protocol, so you don't need to transamit new ones, it's save, it's easy because you have all the dependencies already there, and it fits the problem perfectly...
I'd like to remind that each session should use a unique key-pair to avoid known-plaintext attacks.